Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
Remediation
References
Related Vulnerabilities
Apache 2.x version older than 2.2.10
WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14)
WordPress Plugin CrossSlide jQuery Multiple Vulnerabilities (2.0.5)
Moodle Configuration Vulnerability (CVE-2012-0797)
Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-44759)